
(add-to-load-path "/home/joshua/prog/gnu/guix/guix-config/linode-guix-system-configuration/")

(use-modules (gnu)
             (guix modules)
             (endlessh-service)
             (public-keys))
(use-service-modules networking
                     ssh)
(use-package-modules admin
                     certs
                     package-management
                     ssh
                     tls)

(operating-system
  (host-name "aquinas")
  (timezone "America/Indiana/Indianapolis")
  (locale "en_US.UTF-8")
  ;; This goofy code will generate the grub.cfg
  ;; without installing the grub bootloader on disk.
  ;;
  (keyboard-layout (keyboard-layout "us" "dvorak"
                                    #:model "thinkpad"
                                    #:options '("ctrl:swapcaps")))

  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets (list "/dev/sda"))))

  (file-systems (cons (file-system
                        (device "/dev/sda")
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (swap-devices (list (swap-space
                       (target "/dev/sdb"))))

  (initrd-modules %base-initrd-modules)

  (users (cons (user-account
                (name "joshua")
                (group "users")
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.
                (supplementary-groups '("wheel"))
                (home-directory "/home/joshua"))
               %base-user-accounts))

  (packages (cons* nss-certs            ;for HTTPS access
                   openssh-sans-x
                   %base-packages))

  (services (cons*
             (service dhcp-client-service-type)
             (service endlessh-service-type)
             (service openssh-service-type
                      (openssh-configuration
                       (openssh openssh-sans-x)
                       (port-number 63355)
                       (password-authentication? #false)
                       (authorized-keys
                        `(("joshua" ,(plain-file "id_rsa.pub" %joshua-ssh-key))))))
             %base-services)))
